This check determines whether Internet Information Services (IIS) is running on a system that is a domain controller. This is flagged in the scan report as a
high-level vulnerability, unless the computer being scanned is running
We recommend that you do not run an IIS Web server on a domain controller. Domain controllers contain sensitive data, such as user account information, and they should not be used in another role. If you run a Web server on a domain controller, you increase the complexity involved in securing the server and preventing attacks.
©2002-2004